WO2016195949A1 - Stylus device authentication - Google Patents

Stylus device authentication

Info

Publication number
WO2016195949A1
Authority
WO
WIPO (PCT)
Prior art keywords
stylus
stylus device
channel
sequence
module
Prior art date
Application number
PCT/US2016/031953
Other languages
English (en)
Inventor
Flavio Protasio RIBEIRO
Original Assignee
Microsoft Technology Licensing, Llc
Priority date
Filing date
Publication date
Application filed by Microsoft Technology Licensing, Llc
Priority to CN201680032591.8A (patent CN107683582B)
Priority to EP16726235.1A (patent EP3304258B1)
Publication of WO2016195949A1

Classifications

    • G06F3/03545 Pens or stylus
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G06F3/0412 Digitisers structurally integrated in a display
    • G06V30/32 Digital ink
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W12/33 Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses

Definitions

  • Security tokens are used to authenticate or prove an identity of a user of a computer device. Sequence-based tokens generate a sequence of codes which can be used to add a layer of security to authentication procedures. Using security tokens adds a step to the user and device authentication process, which can include, for example, typing a code or inserting a smartcard. Authentication systems using security tokens, such as sequence-based tokens, can include prompting a user to enter a code retrieved from a hardware token device or software token application as part of the authentication process.
  • An embodiment provides a stylus device that includes a first module to generate and store cryptographic credentials that include a secret value.
  • the stylus device includes a second module to transmit the secret value from the stylus device over a secure channel to a computer device.
  • the stylus device includes a third module to generate a sequence of codes which depend on the secret value.
  • the stylus device includes a fourth module to transmit the sequence of codes over a channel.
  • the stylus broadcasts cryptographic credentials over one or more channels to the computer device, which may include public channels monitored by eavesdroppers.
  • the computer device can use, for example, a
  • FIG. 1 is a schematic of a stylus device augmented with cryptographic hardware and applications on an internal circuit
  • FIG. 2 is a block diagram of an example of a system for authenticating a stylus device and cryptographically authenticating an author of digital ink;
  • FIG. 3 is a block diagram of an example tablet computer device interacting with a stylus device
  • FIG. 4 is a process flow diagram of an example method for security setup and authentication of a stylus device
  • FIG. 5 is a process flow diagram of an example of a method for
  • Fig. 6 is a block diagram showing a computer-readable storage media that can store instructions for cryptographically authenticating an author of digital ink.
  • a stylus is a writing utensil typically in the shape of a pen that is used to interact with, for example, a touch screen of a tablet computer device.
  • a stylus is an input device that can transmit data and control signals to a computer device.
  • a digitizer component on the computer device may be used to determine stylus position and orientation, allowing for example a user to trace lines which are then represented as digital ink on a display.
  • the digitizer may also be used to communicate data between the stylus and the computer, such as pressure, battery level, button state and serial number.
  • a stylus device can automatically act as a token in a cryptographically secure manner.
  • a stylus can generate and transmit codes to cryptographically authenticate digital ink as being produced by a specific stylus device and by a specific user, thereby protecting against stylus ID cloning, which is a vulnerability today.
  • Digital ink can include any suitable input provided by a stylus device to a computing device.
  • digital ink can correspond to signatures, handwritten notes, illustrations, figures or diagrams produced by a stylus device.
  • Typical sequence-based tokens impose additional authentication burdens on the user, whereas the embodiments described obviate a user's need to type in a code for every authentication, while still providing an additional factor in an authentication procedure.
  • Automating user authentication and ink authorship determination is relevant in many applications.
  • multiple users interact with the same computing device using their respective personal stylus devices. Such interactions may happen in close temporal succession or even simultaneously during collaborative tasks.
  • Some embodiments may be used to obviate a manual authentication process that could interrupt the inking activity (e.g., by displaying an authentication screen or dialog box) or temporarily disrupt or inhibit input from one or more users.
  • Some embodiments thus allow a computer device to assign authorship to the digital ink produced by each author in an automatic and imperceptible yet cryptographically secure manner.
  • a user may be interacting with a third-party or public computer with a personal stylus device.
  • Some embodiments allow for user identification and ink authorship determination without an explicit declaration of identity from the user, without providing secrets that could be exploited by an attacker, and in a cryptographically secure manner.
  • the stylus can be used to provide a second factor for user authentication, independent of an inking activity.
  • a stylus is owned by a single user, such that the detection and authentication of a stylus with a specific ID (e.g., unique serial number) implies the proximity of its owner.
  • a computer device requesting authentication of a user can request a second factor of authentication, which can be provided by the stylus.
  • This embodiment could be used to replace or complement other secondary authentication factors, such as those provided by biometrics, smartcards, and other hardware or software token devices.
  • Encryption techniques can include encryption and decryption keys.
  • an encryption key specifies how plaintext is transformed into ciphertext.
  • a decryption key specifies how ciphertext is transformed into plaintext.
  • Cryptographic techniques can also include hash functions, which transform any arbitrarily sized block of digital data into a block of fixed size, referred to as a hash value or simply hash.
  • Cryptographic hash functions are designed to easily verify that a given input block maps to a provided hash value, while making it deliberately difficult to reconstruct the input block from a provided hash, modify the input block without modifying the hash, and find two input blocks with the same hash.
  • Symmetric encryption utilizes identical encryption and decryption keys, and plaintext is encrypted and ciphertext decrypted with the same key.
  • the sender and receiver parties must both have access to the secret key, and if either party is compromised, then an attacker may be able to gain unauthorized access to plaintext.
  • Asymmetric encryption uses an encryption key and a decryption key that are different from one another. In some applications, one of the keys is secret (or private), while the other is public. Applications of asymmetric encryption with public and private keys can allow the public key to be revoked by its issuer, who can then generate a new replacement public and private key pair to be used in future communications, thus providing additional security measures against loss of the private key.
  • the private key can be used to encrypt plaintext, while the public key is used to decrypt ciphertext.
  • symmetric encryption is used.
  • a single key may be used in conjunction with a hash function.
  • Embodiments presented herein are targeted at a secure initialization, key transfer and authentication procedure for a stylus device generating one key or key pair, and authenticating an author of digital ink with the stylus device on a computer device with access to this key or key pair.
  • hardware may include computer systems, discrete logic components, such as application specific integrated circuits (ASICs), and the like, as well as any combinations thereof.
  • the phrase "configured to" encompasses any way that any kind of structural component can be constructed to perform an identified operation.
  • the structural component can be configured to perform an operation using software, hardware, firmware and the like, or any combinations thereof.
  • logic encompasses any functionality for performing a task. For instance, each operation illustrated in the flowcharts corresponds to logic for performing that operation. An operation can be performed using software, hardware, firmware, etc., or any combinations thereof.
  • a component can be a process running on a processor, an object, an executable, a program, a function, a library, a subroutine, and/or a computer or a combination of software and hardware.
  • an application running on a server and the server can be a component.
  • One or more components can reside within a process and a component can be localized on one computer and/or distributed between two or more computers.
  • the claimed subject matter may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques to produce software, firmware, hardware, or any combination thereof to control a computer to implement the disclosed subject matter.
  • article of manufacture as used herein is intended to encompass a computer program accessible from any computer-readable device, or media.
  • Computer-readable storage media and devices can include but are not limited to magnetic storage devices (e.g., hard disk, floppy disk, and magnetic strips, among others), optical disks (e.g., compact disk (CD), and digital versatile disks
  • computer-readable media generally (i.e., not storage media) may additionally include communication media such as transmission media for wireless signals and the like.
  • Fig. 1 is a schematic of a stylus device 100 augmented with cryptographic hardware and applications.
  • the stylus device 100 can be any type of electronic pen or stylus capable of writing on computer devices, such as tablet devices or phones, for example.
  • the circuit 102 within the stylus device 100 can process information, such as, for example, application software for cryptographically authenticating the stylus device.
  • the components of the stylus device 100 can be powered by a battery 103, for example.
  • the stylus device can include a storage unit 105 connected to the circuit 102.
  • the storage unit 105 can be either volatile memory or non-volatile memory of any type.
  • the circuit 102 can be connected to a signal transmitter 104 through a cable, bus, or by any suitable means.
  • the signal transmitter 104 can transmit a signal, for example, of arbitrary bit streams, directed through the tip 106 of the stylus device 100 through a digitizer channel 108 to a computer device 110.
  • the digitizer channel 108 conveys information when the tip 106 of the stylus device 100 is within a certain range with respect to the computer device 110.
  • the digitizer channel 108 is used to convey digital data such as pressure exerted by the tip 106 and power level of the battery 103 of the stylus device 106.
  • the digitizer channel 108 is used to transmit data over a short distance, for example, about 15 millimeters.
  • the digitizer channel 108 is also used to convey cryptographic data described herein.
  • the signal transmitter 104 transmits data through a wireless auxiliary channel 112.
  • the wireless auxiliary channel 112 can convey radio waves through Bluetooth Low Energy (BLE), for example, using advertisement frames.
  • An advertisement frame is a frame that is transmitted to allow the existence of a network or device to be discovered, while periodically broadcasting application-specific data payloads.
  • the stylus device 100 and the computer device 110 include real-time clock (RTC) components 114 in order to track time, for example, a time since an initial seed value is generated. It is to be understood that RTC components 114 include internal hardware for the stylus device 100 and computer device 110.
  • the circuit 102 is configured to initialize the cryptographic credentials, which can be used to authenticate the identity of the stylus device 100.
  • Cryptographic credentials can include, for example, an encryption key, a decryption key, an initial seed value X_0 and a timestamp T_0 corresponding to the instant the cryptographic credentials are generated.
  • the cryptographic credentials may also include a stylus ID such as a serial number related to the stylus device 100 that is stored at the circuit 102. The stylus ID is uniquely identifiable and used in
  • the cryptographic credentials for one or more styluses may be simultaneously stored and recalled using stylus ID as a unique lookup key. Additionally, the stylus device 100 can store the cryptographic state in storage unit 105.
  • the cryptographic credentials are initialized in response to the user pressing and holding a security setup button 116 for a prescribed amount of time guaranteed not to be the result of an accidental button press (e.g., 10 seconds).
  • This action instructs the processing circuit 102 to erase cryptographic credentials previously stored in storage unit 105, generate new cryptographic credentials, and write them to storage unit 105.
  • the security setup process is concluded by transmitting from the stylus device 100 to the computer device 110 one or more components of the cryptographic credentials, such as the decryption key, the initial seed value X_0, the timestamp T_0 and the stylus ID. It will be recognized that the transmission can be arbitrarily deferred with respect to the initiation of the security setup process. It is assumed that if this transmission includes secret information, then it occurs over a channel that is deliberately difficult to be monitored by an
  • this transmission can occur over the digitizer channel 108, which generally has short range (e.g., 1.0-2.0 cm), requiring the stylus 100 to be in very close proximity to the computer device 110.
  • this transmission can occur over a channel encrypted using other methods, which are assumed to be secure. The security setup process makes the device ready for future authentication.
  • the stylus device 100 internally generates a sequence of codes, for example, X_0, X_1, ..., X_n, adding a new element to the sequence at a prescribed cadence which is known to the computer device 110 (e.g., every N seconds, or upon pressing a button on the stylus).
  • this sequence (including the seed value X_0) can be produced by a cryptographically secure pseudorandom number generator (CSPRNG).
  • this sequence can be produced by recursive application of a cryptographically secure hash function to an initial seed value X_0, such that the sequence X_0, X_1, ..., X_n is known as a hash chain.
  • the time elapsed between the time T_0 when the initial seed value was generated and the current time T_now is generally tracked by both the stylus device 100 and computer device 110.
  • the stylus device 100 may encrypt each code of the sequence X_0, X_1, ..., X_n with an encryption key generated by the stylus device 100 during a setup phase and stored as a secret value.
  • the sequence Y_0, Y_1, ..., Y_n represents the corresponding sequence of encrypted codes (also referred to herein as a sequence of digital signatures).
  • the digital signature or encrypted sequence can be transmitted, for example, over the digitizer channel 108, the wireless auxiliary channel 112, or another wireless communication channel to a computer of interest such as computer device 110.
  • digital signatures can be used to detect forgery, tampering, or other unauthorized accesses to hardware, firmware, software and information.
  • a valid or authenticated digital signature indicates to the recipient computer device 110 that the signal and message were created and transmitted by a known sender without being altered, in transit or otherwise.
  • a stylus 100 may be authenticated.
  • a computer device 110 that participated in the security setup process with stylus 100 has a copy of its decryption key, as well as the initial seed X_0 and the timestamp T_0 when it was generated.
  • the computer device decrypts the received value Y_k with the decryption key from 100, obtaining a value X_k.
  • the cadence of code generation X_0, X_1, ..., X_n is known to the computer device 110.
  • Another computer device that may be attempting to eavesdrop on, for example, a BLE transmission from the stylus device 100 containing the encrypted sequence Y_0, Y_1, ..., Y_n, and not having either the decryption key or initial seed X_0 will get no useful information. Not having the initial seed X_0 implies the inability to generate the correct sequence X_0, X_1, ..., X_k, preventing continuation of the
  • both the initial seed X_0 and decryption key are secrets which may independently enable cryptographically secure authentication, and when combined may provide independent layers of security. It is recognized that this statement is contingent on the use of a cryptographically secure encryption algorithm and cryptographically secure PRNG.
  • Embodiments are possible with either symmetric or asymmetric encryption algorithms. If a symmetric encryption is used, the encryption and decryption keys are identical, implying that an attacker with knowledge of one automatically has knowledge of the other. While this may not reveal other secrets which may exist, such as the value of an initial seed X_0, it generally weakens the security of the system and reduces the effort needed to create a rogue clone stylus. If an asymmetric encryption is used, an attacker with knowledge of the decryption key is no closer to having the encryption key, and is therefore no closer to creating a rogue clone stylus.
  • Embodiments are possible with asymmetric encryption where the only secret is the private key, which is the encryption key.
  • This key may be generated by the stylus device 100 during the security setup process and never transmitted out by any means.
  • the seed X_0 and the public (decryption) key may be made public.
  • the stylus may be cryptographically authenticated by the previously described process.
  • the cryptographic credentials transmitted by the stylus during the security setup process may be forwarded (e.g., over a network connection, possibly secured by other means of encryption) by the associated computing device to a cloud service.
  • a cloud or cloud service can, for example, include multiple servers connected over one or more networks.
  • An authentication service can then be implemented remotely in the cloud, executing the authentication procedure described previously. This may allow any device with a network connection to the cloud service (and not only a specific computing device 110) to forward a received stylus ID and encrypted sequence Y_0, Y_1, ..., Y_n to the
  • Embodiments are also possible where the communication channels are bidirectional, allowing the transmitter and receiver agents described herein to be exchanged and the stylus device to authenticate the identity of the computer device. It is recognized that a bi-directional short-range digitizer channel may allow secrets, including cryptographic keys and seed values, to be exchanged in both directions during a security setup process, with negligible risk of being obtained by an eavesdropper. Once a security setup is complete, a bidirectional long-range and potentially insecure channel can be used for two-way authentication methods, which may include challenge-response authentication using hashes or public keys.
  • Fig. 1 is not intended to indicate that the stylus 100 and computer device 110 are to include all of the components shown in Fig. 1. Rather, the stylus 100 and computer device 110 can include fewer or additional components not illustrated in Fig. 1, e.g., additional applications, additional modules, additional memory devices, additional network interfaces (not shown), and the like. Further, the stylus 100 and computer device 110 are not limited to the modules shown as any combinations of the code used to implement these functions can be implemented. For example, other wireless channels can be used to communicate information from the stylus device 100 to a computer device 110.
  • symmetric encryption where the encryption key and decryption key are the same and hence encryption and decryption actions are performed using the same key, can be utilized for authenticating a stylus device 100.
  • Symmetric encryption can be used in systems where the computer device 110 has secured the key.
  • Bi-directional transmission between the stylus device and computer device over the channel can also enable two-way authentication techniques, and the exchange of cryptographic information and other credential values.
  • FIG. 2 is a block diagram of an example of a system 200 for authenticating a stylus device and cryptographically authenticating an author of digital ink.
  • the stylus device of the system 200 can be, for example, one or more of the stylus device 100 from Fig. 1.
  • the system 200 includes a computer device 202 for interacting with the stylus device 100.
  • the computer device 202 can be a tablet device, a smart phone, a laptop computer, a personal digital assistant (PDA), or similar device that can interface with a stylus device 100.
  • the computer device 202 may be a desktop computer, for example.
  • the computer device 202 can include a processor 204 that is adapted to execute stored instructions, as well as a memory device 206 that stores instructions that are executable by the processor 204.
  • the processor 204 can be a single core processor, a multi-core processor, a computing cluster, or any number of other configurations.
  • the memory device 206 can include random access memory (e.g., SRAM, DRAM, zero capacitor RAM, SONOS, eDRAM, EDO RAM, DDR RAM, RRAM, PRAM, etc.), read only memory (e.g., Mask ROM, PROM, EPROM, EEPROM, etc.), flash memory, or any other suitable memory systems.
  • the instructions that are executed by the processor 204 can be used to implement the cryptographic authentication and identification techniques of a stylus device as described herein.
  • the processor 204 may be connected through a system bus 208 (e.g., a proprietary bus, PCI, ISA, PCI-Express, HyperTransport®, etc.) to an input/output (I/O) device interface 210 adapted to connect the computer device 202 to one or more I/O devices 212.
  • the I/O devices 212 can include, for example, a camera, a gesture recognition input device, a keyboard, a pointing device, and a voice recognition device, among others.
  • the pointing device may include a touchpad or a touchscreen, among others.
  • the I/O devices 212 can be built-in components of the computer device 202, or can be devices that are externally connected to the computer device 202.
  • the processor 204 can also be linked through the system bus 208 to a digitizer interface 214 adapted to connect the computer device 202 to receive and interpret information from a digitizer screen 216.
  • the digitizer screen 216 may include a display screen that is a built-in component of the computer device 202.
  • the digitizer screen 216 can also include a computer monitor, television, or projector, among others, that is externally connected to the computer device 202.
  • the stylus device 100 can transmit cryptographic information through a digitizer channel 218 when the stylus device 100 is touching or within a hover range of the digitizer screen.
  • the hover range for the digitizer channel 218 can be any suitable distance between the tip of the stylus device 100 and the digitizer screen 216, for example, around 10 mm to 20 mm. In some examples, the hover range can be any suitable distance that prevents an intruder in close proximity from intercepting data transmitted via the digitizer channel 218. In other embodiments, when the hover range is exceeded, an auxiliary wireless channel can optionally be used for transmitting the encrypted data.
  • Storage 220 can be coupled to the processor 204 through the bus 208.
  • the storage 220 can include a hard drive, a solid state drive, an optical drive, a USB flash drive, an array of drives, or any combinations thereof.
  • the storage 220 can include a number of modules configured to implement stylus authentication and identification of digital ink authorship as described herein.
  • the storage 220 can include a reception module 222 configured to receive and store data transmitted from the stylus device 100.
  • the reception module 222 can receive cryptographically related data such as a unique stylus ID, and an initial seed value for a pseudorandom number generator from the stylus device 100.
  • the stylus device 100 may encrypt each generated code with an encryption key generated by the stylus device 100 during a setup phase to create a sequence of digital signatures.
  • the reception module 222 can also receive the digital signatures from the stylus device 100 and store the received information at storage 220.
  • the storage 220 can further include a decryption and authentication module 224.
  • the decryption and authentication module 224 can decrypt the digital signatures received from the stylus device 100.
  • the decryption and authentication can be based on the public key, the initial seed value for the pseudorandom sequence of numbers, and a time since the initial seed value was generated.
  • the authentication module 224 can authenticate that the digital signature has been properly decrypted.
  • the decryption and authentication module 224 can retrieve the cryptographic credentials (e.g., decryption key, seed value, and other cryptographic parameters) related to the stylus device 100 and ensure the decrypted digital signature matches the expected sequence of codes.
  • the last code of the sequence that is received by the computer device 202 can be decrypted and used as a second factor of authentication. This second factor of authentication may be in addition to a user of the stylus device 100 submitting other security credentials, such as name and password, for example. This technique enables access for the stylus device 100 to the computer device 202 based on whether cryptographic data and stylus ID related to the stylus device are authenticated.
  • a cloud 226 server or network can be connected to the computer device 202 by transmitting information through a network interface controller (NIC) 228.
  • the NIC 228 may be adapted to connect the computer device 202 through the system bus 206 to the cloud 226 or network.
  • the network may be a local area network (Ethernet LAN), or a wireless (WiFi) network, among others.
  • the cloud 226 can perform the decryption and authentication techniques described with regards to the modules in storage 220, by using the cryptographic information related to the stylus device 100.
  • a device or server on the cloud 226 uses a digital ink authorship service to determine a user from a plurality of users who authored digital ink on a shared computer device 202.
  • a device or server on the cloud 226 can receive an encrypted sequence broadcast by User A's stylus device and the stylus ID for the stylus device.
  • the shared computer device 202 may not have the cryptographic credentials (e.g., decryption key, initial seed value, or time since the initial seed value was generated) from the stylus device 100.
  • the decryption key related to the stylus ID can be securely uploaded to the cloud 226 as part of account credentials by a trusted computing device prior to using a shared computing device 202.
  • Any suitable shared computing device 202 can then forward a digital signature to the cloud 226 for authentication purposes.
  • User A's stylus cryptographic credentials can then be used by the digital ink authorship service in the cloud 226 to authenticate a digital signature from User A's stylus.
  • the digital ink authorship service in the cloud 226 can then return an indication that the identity of User A is authenticated.
  • the digital signature can be authenticated based on the stylus cryptographic credentials that have been stored locally at storage 220, such as a hard disk drive or solid state drive, for example.
  • a stylus ID and cryptographic credentials transmitted by a stylus device 100 to the computer device 202 during a security setup phase can be stored and used to determine if a stylus device claiming to have the same device ID is also transmitting digital signatures matching the expected sequence of codes implied by the previously stored cryptographic credentials.
  • a computer device 110 that stores and later accesses the cryptographic credentials for the stylus device 100 can decrypt the digital signature and recover the original sequence transmitted by the stylus device 100.
  • a unique author of digital ink that transmitted information from a user's stylus to a computer device can be cryptographically authenticated.
  • the stylus that transmitted digital ink on a computer device shared between User A, User B, User C, or any other number of users on a computer device with access to the cloud 226 can be determined. For example, assume User A and User B are both transmitting data from stylus devices on User C's computer device.
  • the cloud 226 can execute an ID validation service or authentication application that receives an encrypted code, Yn, broadcast by User A, with a corresponding stylus ID, with the purpose of verifying whether Yn was generated by User A's stylus device or by another stylus device, such as that possessed by User B.
  • User C's computer device has access to both Yn and User A's stylus ID, since Yn and the stylus ID are openly transmitted by a stylus device to the digitizer or digitizer interface of the computer device whenever the stylus device is in contact or within a close range.
  • the ID validation service accesses User A's previously uploaded cryptographic credentials (e.g., decryption key, initial seed value, or time since the initial seed value was generated) based on the corresponding stylus ID, decrypts Yn with the decryption key to obtain Xn, and checks if Xn matches the expected sequence value at this point in time since the initial seed was generated. If the values match, the identity of User A has been cryptographically authenticated. An author of digital ink can be verified on User C's computer device, ensuring stylus ID
  • the stylus device can be cryptographically and securely authenticated on any computer device with access to the cryptographic credentials stored either locally or on the cloud 226.
  • the stylus device 100 is permitted access to the computer device 202, enabling data to be transmitted from the stylus device to the computer device in response to detecting that a stylus ID related to the stylus device is authenticated.
  • Fig. 3 is a block diagram of an example tablet computer device 300 interacting with a stylus device 100.
  • the tablet computer device 300 includes a touch screen 302.
  • the touch screen 302 in the illustration is displaying a login screen 304 for a user of the tablet computer device 300 to enter her credentials.
  • a user entry window 306 shows that a user, Alice, is trying to access the tablet computer device 300.
  • a password entry window 308 shows where a user may enter the characters of her password for the tablet computer device 300.
  • the user name and password combination can be one factor of authentication to access the tablet computer device 300.
  • the stylus device 100 can transmit cryptographic credentials related to the stylus device 100 as a second factor of authentication. This technique enables access for the stylus device 100 to the tablet computer device 300 based on whether cryptographic data and stylus ID related to the stylus device 100 are authenticated.
  • Fig. 4 is a process flow diagram of an example method 400 for security setup and authentication of a stylus device.
  • the method 400 allows a host computer device to decrypt a pseudorandom number sequence generated, encrypted and transmitted by a stylus device, and validate the stylus as uniquely identifiable.
  • the method 400 can cryptographically authenticate a stylus device associated with a specific user when in proximity to a host computer device.
  • the method 400 may be implemented by the stylus device 100 and computer system 110 described with respect to Fig. 1, for example.
  • the circuit 102 generates cryptographic data, such as identification and authentication credentials, at the stylus device.
  • the credentials can include a decryption key, an encryption key, an initial seed and a timestamp corresponding to the generation of the initial seed at the stylus device.
  • the decryption key and the encryption key can be the same to enable symmetric encryption between the stylus device and a computing device.
  • the decryption key and the encryption key can be different to enable asymmetric encryption between the stylus device and a computing device.
  • the decryption key and encryption key can be generated using any suitable encryption technique or application. Additionally, the pseudorandomly generated number sequence can be generated using any suitable number generator such as a cryptographically secure pseudorandom number generator, among others.
  • a hash function could be used instead of a PRNG.
  • a time associated with the generation of the initial seed, decryption key, and/or encryption key (e.g., the time the initial seed, decryption key, and/or encryption key was generated) can also be generated to enable recreating the pseudorandomly generated number sequence.
  • a storage unit 105 stores the cryptographic data, which can include a decryption key, encryption key, and initial seed value as identification and authentication credentials at the stylus device.
  • the storage unit 105 also stores a stylus ID associated with the stylus device, and the time corresponding to the generation of the initial seed value, decryption key, and/or encryption key.
  • the stylus ID is a serial number related to an individual stylus for distinction and identification. The time that is recorded on the stylus can correspond to the generation of the sequence of pseudorandomly generated numbers. This time can later be used with the initial seed to determine and authenticate the original credentials of the stylus device.
  • the method 400 continues when the circuit 102 encrypts the sequence of pseudorandomly generated numbers using the encryption key to produce a sequence of digital signatures.
  • the stylus device 100 internally generates the pseudorandom sequence of numbers to be encrypted, for example, X0, X1, ..., Xn, by generating a new number for the sequence every N seconds.
  • the stylus device 100 encrypts each code of the pseudorandomly generated sequence with the encryption key.
  • the sequence Y0, Y1, ..., Yn represents a sequence of digital signatures of the sequence X0, X1, ..., Xn that has been encrypted by the encryption key.
  • the stylus device uses a digitizer channel 108 to transmit the stylus ID and the digital signature.
  • the digital signature can demonstrate the authenticity of a digital message or document sent over the digitizer channel, or other wireless channel, of the stylus device.
  • a valid digital signature indicates to a computer device that the message was created by a known stylus device.
  • a valid digital signature can also indicate that the message maintained integrity and was not altered in transit.
  • the digitizer channel 108 also transmits the initial seed value and time associated with the generation of the initial seed value.
  • the stylus device uses a digitizer channel 108 to detect a response from a computer device that the stylus device is authenticated and access to transmit user data to the computer device is permitted.
  • User data, also referred to as digital ink herein, can include any suitable input provided by the stylus device to a computer device such as a signature, drawings, or alphanumeric characters, among others.
  • the stylus device can transmit any amount of user data or digital ink to a computing device and the authorship of the digital ink may be saved along with the user data at the computing device.
  • Fig. 5 is a process flow diagram of an example of a method 500 for authenticating the identity of a stylus device that is the author of digital ink on a computer device.
  • the method 500 may be implemented by the system 200 described with respect to Fig. 2, for example.
  • the method 500 begins at block 502 where cryptographic or authentication information is received at the computer device.
  • the cryptographic or authentication information can include a decryption key, encryption key, and a digital signature generated and encrypted by the stylus device.
  • the stylus device can encrypt a pseudorandom sequence of numbers using the encryption key stored at the stylus device to create the digital signature.
  • a decryption and authentication module 224 decrypts the digital signature that has been encrypted with the encryption key.
  • the digital signature can be decrypted using the corresponding decryption key related to the stylus ID of the stylus device that is transmitting data or digital ink.
  • the stylus ID can be unique to one user, assuming that user keeps the related stylus device in his possession.
  • the stylus ID, once decrypted and authenticated, can indicate an author of digital ink produced by the stylus.
  • the decryption and authentication module 224 can cryptographically authenticate an author of digital ink corresponding to the stylus device on the computer device. For example, the decryption and authentication module 224 can compare the pseudorandomly generated code included in the digital signature from the stylus to a recreated pseudorandomly generated number at the computing device. In some embodiments, the digital signature can be verified by processing the signature value with the stylus device's corresponding decryption key and comparing the resulting number sequence with the pseudorandom sequence generated by the stylus. The encrypted sequence of pseudorandomly generated numbers that has been decrypted can be used as a second factor of authentication, without a user entering the authenticating code.
  • the digital signature can be a second factor of authentication that accompanies any suitable first factor of authentication.
  • a first factor of authentication can be entering login credentials for a user related to the stylus device at a computer device, or a fingerprint, and the like.
  • the stylus device can identify a particular user based on recognition of a fingerprint or other biometric identifier on the stylus device, and transmit data based on the identified user.
  • a stylus device with biometric sensors could allow multiple users to share and be authenticated with a single stylus device.
  • the computing device may be an untrusted device, which does not receive secrets from the stylus, and does not undergo a security setup process with the stylus. Rather, the computing device may receive the digital signature and stylus ID, which are forwarded to a cloud service that has access to the decryption key and/or other necessary elements of the stylus cryptographic credentials.
  • the cloud service can indicate if the stylus has been authenticated.
  • code generation can be performed with a PRNG that generates a new code every N seconds.
  • a private encryption key can remain secret on the stylus device, and a decryption key can be transmitted to a computer device along with initial seed and timestamp when the seed was generated.
  • a hash function can be utilized to generate a new code as a hash sequence.
  • user data is enabled to be received by the computer device from the stylus device in response to detecting that the digital signature related to the stylus device is authenticated.
  • the computer device can receive any suitable amount of user data following authentication of the stylus device.
  • the stylus ID corresponding to the stylus device can be stored along with the user data.
  • the method 500, which works with any digitizer interface on any computer device, potentially insecure and from any owner, provides a means for increasing the security of a stylus device, and can authenticate whether one or another stylus device was the author of digital ink left on a computer device.
  • the process flow diagram of Fig. 5 is not intended to indicate that the steps of the method 500 are to be executed in any particular order, or that all of the steps of the method 500 are to be included in every case. Further, any number of additional steps may be included within the method 500, depending on the specific application.
  • the computing device may not receive the decryption key from the stylus device if the computing device is an unsecured or untrusted device.
  • the computing device may transmit the digital signature and a stylus ID associated with the stylus device to an authentication application residing in a cloud service.
  • the cloud service can include the decryption key associated with the stylus ID, which can enable the cloud service to decrypt the digital signature and authenticate the identity of the author of digital ink detected by the computer device.
  • the computing device may access a decryption key and send a confirmation of the author of digital ink to a second computer device.
  • Fig. 6 is a block diagram showing computer-readable storage media 600 that can store instructions for cryptographically authenticating an author of digital ink.
  • the computer-readable storage media 600 may be accessed by a processor 602 over a computer bus 604.
  • the computer-readable storage media 600 may include code to direct the processor 602 to perform steps of the techniques disclosed herein.
  • the computer-readable storage media 600 can include code as a reception module 606 configured to direct the processor 602 to receive cryptographic information, such as a unique stylus ID, and an initial seed value for a code generator from a stylus device.
  • the stylus device encrypts each code with an encryption key generated by the stylus device during a setup phase to create a digital signature.
  • the reception module 606 also receives the digital signature from the stylus device, and the processor can direct that the received information be saved in storage.
  • the computer-readable storage media 600 can include a decryption module 608 configured to direct the processor 602 to facilitate a decryption.
  • the decryption module 608 can decrypt the digital signature received from the stylus device. The decryption can be based on the decryption key, the initial seed value for the sequence of codes, and a time since the initial seed value was generated.
  • the authentication module 510 can instruct the processor to authenticate that the digital signature has been properly decrypted.
  • the authentication module 510 can direct the processor to access the decryption key related to the stylus device.
  • the authentication module 510 can ensure the decrypted digital signature matches the expected sequence of numbers.
  • a computer device that may access the decryption key for the stylus device, for example over a cloud server, can decrypt the digital signature and recover the original sequence transmitted by any stylus device that has its decryption key and stylus ID available that is inking on the computer device.
  • the example stylus device includes a first module to generate and store cryptographic credentials that include a secret value.
  • the example stylus device includes a second module to transmit the secret value from the stylus device over a secure channel to a computer device.
  • the example stylus device includes a third module to generate a sequence of codes which depend on the secret value.
  • the example stylus device includes a fourth module to transmit the sequence of codes over a second channel.
  • the secure channel of the example stylus device can be a digitizer channel that transmits using a short range protocol.
  • the digitizer channel can transmit to a computer device when the stylus device is touching the computer device or when the stylus device is within a hover range of the computer device.
  • the digitizer channel is configured for bi-directional communication between the stylus device and a computer device.
  • the secure channel and second channel can be the same.
  • the second channel can be an additional channel to transfer data between the stylus device and a computer device.
  • the second channel can be a wireless auxiliary channel that is used when the stylus device exceeds a hover distance from the computer device.
  • the sequence of codes can be generated with a pseudorandom number generator.
  • the sequence of codes is generated with a hash function.
  • the secret value can include an initial seed to generate the sequence of codes.
  • the secret value can include a key used to decrypt the sequence of codes.
  • the secret value can include data computed by the stylus device from a biometric sensor on the stylus device.
  • An example stylus device including multiple modules.
  • the example stylus device includes a first module to generate and store cryptographic credentials which include a public and private key pair for use by an asymmetric encryption algorithm.
  • the example stylus device includes a second module to transmit the public key from the stylus device over a first channel to a computer device.
  • the example stylus device includes a third module to generate a sequence of codes encrypted with the private key.
  • the example stylus device includes a fourth module to transmit the sequence of codes over a second channel to a computer device.
  • the first channel or the second channel of the example stylus device can transmit data using a low energy protocol.
  • the first channel can convey data to the computer device when the stylus device is touching the computer device or when the stylus device is within a hover range of the computer device.
  • the first channel can be a digitizer channel.
  • the first channel and second channel can be the same channel.
  • the second channel can be a wireless auxiliary channel at the stylus device to transmit the encrypted sequence and the stylus ID when the stylus device exceeds the hover range.
  • the sequence of codes can be generated with a pseudorandom number generator.
  • the sequence of codes can be generated with a hash function.
  • An example method for authenticating an identity of a stylus device that is an author of digital ink on a computer device.
  • the example method includes receiving a value generated by the stylus device during an initialization stage.
  • the example method includes receiving a code generated from the stylus device during an authentication stage.
  • the example method also includes cryptographically
  • the value can include an initial seed to generate a sequence of codes.
  • the sequence of codes can be generated with a pseudorandom number generator or a hash function.
  • the value can include a key, and the key is used to decrypt the code.
  • the example method can also include decrypting the generated code.
  • the example method can include cryptographically authenticating the author of digital ink using a cloud service, the cloud service receiving the value and generated code.
  • the example method can include sending a confirmation from the cloud service that the author of the digital ink corresponds to the stylus device.
  • An example computing device for cryptographically authenticating a stylus device for an author of digital ink includes a first module to receive data from a stylus device over a channel when the stylus device is within a hover range of the computing device.
  • the computing device includes a second module to authenticate a digital signature based on a secret value generated by the stylus device during an initialization phase.
  • the computing device also includes a third module to cryptographically authenticate an author of digital ink based on the authentication of the digital signature.
  • the example computing device includes a storage device that includes a hard disk drive or solid state drive of the computing device, and wherein the digital signature is authenticated based on the secret value that is stored in the hard disk drive or the solid state drive.
  • the computing device is a part of a cloud service.
  • the example computing device can include a fourth module to access the secret value, and send a confirmation of the author of digital ink to a second computing device.
  • the example computing device can include a fifth module to detect a stylus ID related to the stylus device that is authenticated and enable the stylus associated with the stylus ID to transmit user data to the computing device.
  • An example computing device for cryptographically authenticating a stylus device for an author of digital ink includes a first module to receive data from a stylus device over a channel when the stylus device is within a hover range of the computing device.
  • the computing device includes a second module to decrypt and authenticate a digital signature based on a public key generated by the stylus during an initialization phase.
  • the computing device includes a third module to cryptographically
  • the computing device includes a storage device such as a hard disk drive or solid state drive.
  • the digital signature is authenticated based on the key that is stored in the hard disk drive or the solid state drive.
  • the computing device includes a fourth module to access the key, and to send a confirmation of the author of digital ink to a second computing device.
  • the computing device includes a fifth module to detect a stylus ID related to the stylus device that is authenticated and to enable the stylus associated with the stylus ID to transmit user data to the computing device.
  • the computing device can include a wireless auxiliary channel at the stylus device for optionally transmitting the encrypted sequence and the stylus ID over a radio frequency when the stylus device exceeds a hover range from the computing device.
  • the terms (including a reference to a "means") used to describe such components are intended to correspond, unless otherwise indicated, to any component which performs the specified function of the described component, e.g., a functional equivalent, even though not structurally equivalent to the disclosed structure, which performs the function in the herein illustrated exemplary aspects of the claimed subject matter.
  • the innovation includes a system as well as a computer-readable storage media having computer-executable instructions for performing the acts and events of the various methods of the claimed subject matter.
  • one or more components may be combined into a single component providing aggregate functionality or divided into several separate sub-components, and any one or more middle layers, such as a management layer, may be provided to communicatively couple to such subcomponents in order to provide integrated functionality.
  • Any components described herein may also interact with one or more other components not specifically described herein but generally known by those of skill in the art.
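
The ID validation check in the description above (look up the credentials by stylus ID, then compare the received Yn with the value expected for the time elapsed since the seed was generated), as an added example that is not code from the patent or its applicant. It covers the symmetric variant only and assumes: codes derived with HMAC-SHA256 over a step counter (the hash-function option), an HMAC-SHA256 tag that the verifier recomputes in place of the encrypt/decrypt step, N = 30 seconds, one step of clock drift tolerated, and each code accepted once; all names and sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

STEP_SECONDS = 30   # assumed value for the page's "every N seconds"
DRIFT_STEPS = 1     # assumed tolerance, in steps, for stylus/host clock drift


@dataclass
class StylusCredentials:
    """Per-stylus record kept by the host or cloud service after security setup."""
    key: bytes           # shared secret key (symmetric variant)
    seed: bytes          # initial seed for the code sequence
    seed_time: int       # Unix time at which the seed was generated
    last_step: int = -1  # highest step accepted so far (replay guard, an addition)


def step_at(seed_time: int, now: int) -> int:
    """Index n of the code that is current at time `now`."""
    if now < seed_time:
        raise ValueError("time precedes seed generation")
    return (now - seed_time) // STEP_SECONDS


def code(seed: bytes, step: int) -> bytes:
    """X_n: hash-derived code for step n (stand-in for the page's PRNG)."""
    return hmac.new(seed, step.to_bytes(8, "big"), hashlib.sha256).digest()


def sign(key: bytes, x_n: bytes) -> bytes:
    """Y_n: keyed tag over X_n (stand-in for encrypting X_n with the key)."""
    return hmac.new(key, x_n, hashlib.sha256).digest()


def stylus_broadcast(creds: StylusCredentials, now: int) -> bytes:
    """Stylus side: the Y_n sent alongside the stylus ID at time `now`."""
    return sign(creds.key, code(creds.seed, step_at(creds.seed_time, now)))


class IdValidationService:
    """Host or cloud side: maps a stylus ID to credentials and checks Y_n."""

    def __init__(self):
        self._by_id = {}

    def enroll(self, stylus_id: str, creds: StylusCredentials) -> None:
        self._by_id[stylus_id] = creds

    def verify(self, stylus_id: str, y_n: bytes, now: int) -> bool:
        creds = self._by_id.get(stylus_id)
        if creds is None or now < creds.seed_time:
            return False
        current = step_at(creds.seed_time, now)
        # Only steps inside the drift window and newer than the last accepted one.
        first = max(0, current - DRIFT_STEPS, creds.last_step + 1)
        for step in range(first, current + DRIFT_STEPS + 1):
            expected = sign(creds.key, code(creds.seed, step))
            if hmac.compare_digest(expected, y_n):  # constant-time comparison
                creds.last_step = step
                return True
        return False


def demo() -> dict:
    """User A / User B scenario on a shared device, with constructed credentials."""
    t0 = 1_700_000_000
    alice = StylusCredentials(key=b"A" * 32, seed=b"seed-A", seed_time=t0)
    bob = StylusCredentials(key=b"B" * 32, seed=b"seed-B", seed_time=t0)
    svc = IdValidationService()
    svc.enroll("STYLUS-A", StylusCredentials(alice.key, alice.seed, t0))
    svc.enroll("STYLUS-B", StylusCredentials(bob.key, bob.seed, t0))
    now = t0 + 3600
    y_a = stylus_broadcast(alice, now)
    return {
        # User B's stylus claiming User A's stylus ID
        "spoofed_id": svc.verify("STYLUS-A", stylus_broadcast(bob, now), now),
        # a code captured ten steps earlier
        "stale": svc.verify("STYLUS-A", stylus_broadcast(alice, now - 300), now),
        "genuine": svc.verify("STYLUS-A", y_a, now + 5),
        # the same code presented a second time
        "replay": svc.verify("STYLUS-A", y_a, now + 10),
        "unknown_id": svc.verify("STYLUS-Z", y_a, now),
    }


if __name__ == "__main__":
    print(demo())
```

Because the stylus ID and Yn are openly transmitted, the replay guard and the narrow time window are what stop a recorded code from being reused later.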

Abstract

Methods and systems for authenticating and identifying stylus devices are described. In one example, a method includes receiving a value generated by the stylus device during an initialization stage. The method includes receiving a generated code from the stylus device during an authentication stage. The method also includes cryptographically authenticating an author of digital ink corresponding to the stylus device on a computer device, based in part on the value and the received code.
PCT/US2016/031953 2015-06-04 2016-05-12 Authenticating stylus device WO2016195949A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201680032591.8A CN107683582B (zh) 2015-06-04 2016-05-12 Authenticating stylus device
EP16726235.1A EP3304258B1 (fr) 2015-06-04 2016-05-12 Authenticating stylus device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/730,501 2015-06-04
US14/730,501 US9898100B2 (en) 2015-06-04 2015-06-04 Authenticating stylus device

Publications (1)

Publication Number Publication Date
WO2016195949A1 true WO2016195949A1 (fr) 2016-12-08

Family

ID=56092994

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/031953 WO2016195949A1 (fr) 2015-06-04 2016-05-12 Authenticating stylus device

Country Status (4)

Country Link
US (1) US9898100B2 (fr)
EP (1) EP3304258B1 (fr)
CN (1) CN107683582B (fr)
WO (1) WO2016195949A1 (fr)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10251061B2 (en) * 2015-12-17 2019-04-02 Tadhg Kelly Cellular out of band management as a cloud service
US10817081B2 (en) * 2016-04-08 2020-10-27 Peter Kolarov Qualified electronic signature device in the form of stylus and method of its use
US20170329952A1 (en) * 2016-05-13 2017-11-16 Microsoft Technology Licensing, Llc Casual Digital Ink Applications
EP3291504B1 (fr) * 2016-08-30 2020-03-11 Wacom Co., Ltd. Authentication and secure data transmission between signing devices and host computers using transport layer security
US10594702B2 (en) 2016-12-16 2020-03-17 ULedger, Inc. Electronic interaction authentication and verification, and related systems, devices, and methods
US10185415B2 (en) 2017-02-24 2019-01-22 Microsoft Technology Licensing, Llc Configurable communication protocol for communication between a stylus device and a host device
US10439753B2 (en) 2017-05-25 2019-10-08 Microsoft Technology Licensing, Llc Multi-protocol communications between host devices and stylus devices
US10311682B1 (en) * 2018-03-08 2019-06-04 Capital One Services, Llc Counterfeit detection apparatus
US20220391084A1 (en) * 2019-09-25 2022-12-08 Zhangyue Technology Co., Ltd Information display method, reader, computer storage medium, ink screen reading device and screen projection display system
EP3917103A1 (fr) * 2020-05-29 2021-12-01 Siemens Aktiengesellschaft Method, system, transmitter and receiver for authenticating a transmitter
US11740729B2 (en) 2021-03-25 2023-08-29 Microsoft Technology Licensing, Llc Assigning device identifiers by host identifier availability

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001095559A1 (fr) * 2000-06-07 2001-12-13 Anoto Ab Method and device for secure wireless transmission of information
US20060005023A1 (en) * 2004-06-22 2006-01-05 Hewlett-Packard Development Company, L.P. Input device feature

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7457413B2 (en) * 2000-06-07 2008-11-25 Anoto Ab Method and device for encrypting a message
US7278017B2 (en) * 2000-06-07 2007-10-02 Anoto Ab Method and device for secure wireless transmission of information
US8285991B2 (en) 2000-10-25 2012-10-09 Tecsec Inc. Electronically signing a document
US7609863B2 (en) 2001-05-25 2009-10-27 Pen-One Inc. Identify authentication device
US7178719B2 (en) * 2003-04-07 2007-02-20 Silverbrook Research Pty Ltd Facilitating user interaction
US7363505B2 (en) 2003-12-03 2008-04-22 Pen-One Inc Security authentication method and system
CN101133418B (zh) * 2004-10-12 2011-06-29 阿诺托股份公司 Method and system for secure management of information from an electronic pen
US20100079414A1 (en) 2008-09-30 2010-04-01 Andrew Rodney Ferlitsch Apparatus, systems, and methods for authentication on a publicly accessed shared interactive digital surface
US20100139992A1 (en) 2008-12-10 2010-06-10 International Business Machines Corporation User-authenticating, digital data recording pen
US9104312B2 (en) * 2010-03-12 2015-08-11 Nuance Communications, Inc. Multimodal text input system, such as for use with touch screens on mobile phones
WO2012127471A2 (fr) 2011-03-21 2012-09-27 N-Trig Ltd. System and method for authentication with a computer stylus
US9329703B2 (en) 2011-06-22 2016-05-03 Apple Inc. Intelligent stylus
US9965107B2 (en) * 2011-10-28 2018-05-08 Atmel Corporation Authenticating with active stylus
US8787564B2 (en) 2011-11-30 2014-07-22 Certicom Corp. Assessing cryptographic entropy
US20140035883A1 (en) 2012-07-31 2014-02-06 Research In Motion Limited Apparatus and Method Pertaining to a Stylus That Emits a Plurality of Infrared Beams
US9921626B2 (en) * 2012-09-28 2018-03-20 Atmel Corporation Stylus communication with near-field coupling
KR102012923B1 (ko) * 2013-02-20 2019-08-22 삼성전자주식회사 Apparatus and method for managing security of a terminal
JP2015011679A (ja) * 2013-07-02 2015-01-19 シャープ株式会社 Operation input device and input operation processing method
US9798396B2 (en) * 2014-08-18 2017-10-24 Atmel Corporation Low-power and low-frequency data transmission for stylus and associated signal processing

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001095559A1 (fr) * 2000-06-07 2001-12-13 Anoto Ab Method and device for secure wireless transmission of information
EP1292882B1 (fr) * 2000-06-07 2006-07-26 Anoto AB Method and device for encrypting a message
US20060005023A1 (en) * 2004-06-22 2006-01-05 Hewlett-Packard Development Company, L.P. Input device feature

Also Published As

Publication number Publication date
CN107683582B (zh) 2021-01-01
EP3304258A1 (fr) 2018-04-11
EP3304258B1 (fr) 2020-11-18
US9898100B2 (en) 2018-02-20
CN107683582A (zh) 2018-02-09
US20160357275A1 (en) 2016-12-08

Similar Documents

Publication Publication Date Title
EP3304258B1 (fr) Authenticating stylus device
US10154021B1 (en) Securitization of temporal digital communications with authentication and validation of user and access devices
US10015154B2 (en) Un-password: risk aware end-to-end multi-factor authentication via dynamic pairing
US20180144114A1 (en) Securing Blockchain Transactions Against Cyberattacks
US7111172B1 (en) System and methods for maintaining and distributing personal security devices
KR102381153B1 (ko) Encryption key management based on identity information
EP1866873B1 (fr) Method, system, personal security device and computer program product for cryptographically secured biometric authentication
Wei et al. An intelligent terminal based privacy-preserving multi-modal implicit authentication protocol for internet of connected vehicles
EP3318003A1 (fr) Confidential authentication and provisioning
US20190174304A1 (en) Universal Authentication and Data Exchange Method, System and Service
US8566579B2 (en) Obfuscated authentication systems, devices, and methods
EP3206329B1 (fr) Security check method, device, terminal and server
CN111316596B (zh) Cryptographic chip with identity verification
US20120124378A1 (en) Method for personal identity authentication utilizing a personal cryptographic device
KR20200116010A (ko) Cryptographic key management based on identity information
US11868457B2 (en) Device and method for authenticating user and obtaining user signature using user's biometrics
CN114531236B (zh) Key processing method and apparatus, and electronic device
US11621848B1 (en) Stateless system to protect data
US11528144B1 (en) Optimized access in a service environment
US11799632B1 (en) Optimized authentication system
US20230155825A1 (en) Cryptographic device, system and method therof
Ranganath Cloud Data Security through Hybrid Verification Technique Based on Cryptographic Hash Function
CN111917698A (zh) Data sharing device and data sharing method thereof
Lihua et al. An Identity authentication protocol based on SM2 and fingerprint USBkey
Atzeni et al. Authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16726235

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2016726235

Country of ref document: EP